HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)
NOTE:
The Referential Integrity Plug-in should only be enabled on one supplier replica in a multi-master
replication environment to avoid conflict resolution loops. When enabling the plug-in on servers
issuing chaining requests, be sure to analyze performance resource and time needs, as well as
your integrity needs. Integrity checks can be time-consuming and draining on memory and CPU.
Whenever a user or group entry is deleted or renamed in the directory, the operation is logged
to the referential integrity log file (/var/opt/dirsrv/slapd-instance_name/log). After a
specified time, known as the update interval, the server performs a search on all attributes for
which referential integrity is enabled and matches the entries resulting from that search with the
DNs of deleted or modified entries present in the log file. If the log file shows that the entry was
deleted, the corresponding attribute is deleted. If the log file shows that the entry was changed,
the corresponding attribute value is modified accordingly.
By default, when the Referential Integrity Plug-in is enabled, it performs integrity updates on the
member, uniquemember, owner, and seeAlso attributes immediately after a delete or rename
operation. However, the behavior of the Referential Integrity Plug-in can be configured to suit the
needs of the directory in several different ways:
• Record referential integrity updates in the replication changelog.
• Modify the update interval.
• Select the attributes to which to apply referential integrity.
• Disable referential integrity.
All attributes used in referential integrity must be indexed for presence and equality; not indexing
those attributes results poor server performance for modify and delete operations. For more
information about checking and creating indexes, see “Creating indexes” (page 454).
3.5.2 Using referential integrity with replication
There are certain limitations when using the Referential Integrity Plug-in in a replication environment:
• Never enable it on a dedicated consumer server (a server that contains only read-only replicas).
• Never enable it on a server that contains a combination of read-write and read-only replicas.
• It is possible to enable it on a supplier server that contains only read-write replicas.
• With multi-master replication, enable the plug-in on just one supplier.
If the replication environment satisfies the conditions, you can enable the Referential Integrity Plug-in.
1. Enable the Referential Integrity Plug-in as described in “Enabling and disabling referential
integrity” (page 127).
2. Configure the plug-in to record any integrity updates in the changelog.
3. Ensure that the Referential Integrity Plug-in is disabled on all consumer servers.
NOTE: Because the supplier server sends any changes made by the Referential Integrity
Plug-in to consumer servers, it is unnecessary to run the Referential Integrity Plug-in on consumer
servers.
3.5.3 Enabling and disabling referential integrity
1. Select the Configuration tab, and expand the Plugins folder.
2. Select Referential Integrity Postoperation Plug-in from the list.
3.5 Maintaining Referential Integrity 127